Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4901 1 Squiz 1 Mysource Matrix 2013-01-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
CVE-2010-5273 1 Altova 1 Diffdog 2011 2013-01-03 6.9 MEDIUM N/A
Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .dbdif file. NOTE: some of these details are obtained from third party information.
CVE-2012-1249 2 Google, Lunascape 2 Android, Ilunascape Android 2013-01-03 5.0 MEDIUM N/A
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
CVE-2012-0295 1 Symantec 1 Endpoint Protection 2013-01-03 9.3 HIGH N/A
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.
CVE-2011-5087 1 Adastra 1 Trace Mode Data Center 2013-01-03 5.0 MEDIUM N/A
Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS.
CVE-2006-0218 1 Mybb 1 Mybb 2013-01-02 10.0 HIGH N/A
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
CVE-2006-0633 1 Invisionpower 1 Invision Power Board 2013-01-02 6.4 MEDIUM N/A
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
CVE-2006-0697 1 Zen-cart 1 Zen Cart 2013-01-02 10.0 HIGH N/A
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
CVE-2007-5557 1 Nec 1 Mobile Handset 2013-01-02 7.8 HIGH N/A
Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-1114 1 Vocera 1 Wireless Handset 2013-01-02 4.3 MEDIUM N/A
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
CVE-2008-3981 1 Oracle 1 Secure Backup 2013-01-02 5.0 MEDIUM N/A
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2011-5024 1 Gnu 1 Mailman 2013-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
CVE-2011-5251 1 Vbulletin 1 Vbulletin 2013-01-02 5.8 MEDIUM N/A
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
CVE-2012-5654 2 Drupal, Nodewords Project 2 Drupal, Nodewords 2013-01-02 4.3 MEDIUM N/A
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
CVE-2012-5666 1 Owncloud 1 Owncloud 2013-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
CVE-2012-6080 1 Moinmo 1 Moinmoin 2013-01-02 6.4 MEDIUM N/A
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
CVE-2012-6470 1 Opera 1 Opera Browser 2013-01-02 9.3 HIGH N/A
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
CVE-2012-6466 1 Opera 1 Opera Browser 2013-01-02 5.0 MEDIUM N/A
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
CVE-2012-6465 1 Opera 1 Opera Browser 2013-01-02 9.3 HIGH N/A
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
CVE-2012-6463 1 Opera 1 Opera Browser 2013-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.